cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Issue with clients connecting on SSID with multiple vlans

Highlighted
Here to help

Issue with clients connecting on SSID with multiple vlans

I hope I can explain this correctly, it's a strange issue and I'm wondering if I'm just missing something.

I deployed a new Meraki AP at a branch location, on a new VLAN (let's say vlan 16). The intention was to extend our secure wireless out to that branch. So the same SSID used at the main office is on the branch office AP.

 

However the main office is on VLAN 10. I added VLAN 16 to the branch office.

If I place a port in the new vlan and connect a laptop to it, the laptop connects to our LAN just fine. It gets a DHCP address as expected and can reach the gateway. Routing is good.

If I plug the Meraki into the same port in the same new vlan, it also gets a DHCP address and can be managed in the dashboard. It shows green. Works the same if I switch the access port to a trunk port which I've done.

If I connect a client to the SSID, it fails to grab a DHCP address and cannot reach the default gateway. It can however ping the Meraki. Otherwise no network access.

 

The SSID is configured with RADIUS for authentication. RADIUS seems to work because the client device can sign in and connect. They just get no network.

The last step I did was add the new VLAN to a RADIUS attribute but I ran out of time to test it.

 

The SSID, let's call it Company_Secure, has the following VLAN settings. I am not sure if I should tweak these, or if I'm going off into the woods on something that's not the issue.
2019-04-10 10_34_06-Window.png


Has anyone run into a similar issue?

 

Thank you for your time.

4 REPLIES 4
Highlighted
Kind of a big deal

Re: Issue with clients connecting on SSID with multiple vlans

Do you have a separate network for that branch office or is that AP sitting in the main office meraki network on the dashboard?

How do you have the port configured where the AP connects to?
How do you have the access control settings configured for the SSID (assuming local LAN access is allowed).
Assuming also you have the AP's tagged correctly?
Nolan Herring | nolanwifi.com
TwitterLinkedIn
Highlighted
Head in the Cloud

Re: Issue with clients connecting on SSID with multiple vlans

Just thinking about Radius and what I need to configure when I use a MR within a network with an Radius...

 

Wireless - Network access, you use WPA2 Enterprise with "my Radius Server"?

Your radius server is configured correctly and on the radius side the MR is configured as well (would recommend to use static IP for your MR)

 

I think to remember we had the same problem, beeing able to receive a IP but not the gateway, because the MR IP changed and wasn´t connected correctly to the radius server which caused that problem.

Highlighted
Here to help

Re: Issue with clients connecting on SSID with multiple vlans

@NolanHerring -

 

Do you have a separate network for that branch office or is that AP sitting in the main office meraki network on the dashboard? The branch office is on a separate network and is separated from the main office with a router. The router has a sub-interface with the new VLAN on it. The AP is at the branch office.

How do you have the port configured where the AP connects to? The port is currently set as a trunk port.
How do you have the access control settings configured for the SSID (assuming local LAN access is allowed). - It's set for direct access and the firewall allows local LAN
Assuming also you have the AP's tagged correctly? I believe so. I don't know though. The AP is tagged and the tag was added to the Company_Secure SSID and the SSID shows up. Then I added another tag for the VLAN ID as shown above in the screenshot.

Highlighted
Here to help

Re: Issue with clients connecting on SSID with multiple vlans

Ok, so I did two things, not sure which helped but my problem is now resolved.

 

1) I added VLANs to the RADIUS server as attributes

2) I re-did the tagging for the VLAN I added to the Company_Secure SSID. So I made a tag called "VLAN16", added it to the AP, and added it to the VLANs on the SSID

 

The client also had to delete the wireless profile and re-add it before it worked.

 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.